[NT] Sambar Telnet Proxy Multiple Vulnerabilities (DoS, Buffer Overflow)

From: support@securiteam.com
Date: 08/14/01


From: support@securiteam.com
To: list@securiteam.com
Subject: [NT] Sambar Telnet Proxy Multiple Vulnerabilities (DoS, Buffer Overflow)
Message-Id: <20010814063009.BC4DA138BF@mail.der-keiler.de>
Date: Tue, 14 Aug 2001 08:30:09 +0200 (CEST)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com

  Sambar Telnet Proxy Multiple Vulnerabilities (DoS, Buffer Overflow)
------------------------------------------------------------------------

SUMMARY

The Sambar Server (http://www.Sambar.com/) was created to test a
three-tier communication infrastructure modeled after the Sybase Open
Client/Open Server. Soon thereafter, the idea of leveraging the
infrastructure for dynamic delivery of content on the WWW resulted in the
addition of an HTTP protocol stack, and efforts in supporting the notion
of persistent users via HTTP. Multiple security vulnerabilities have been
found in the product. They allow attackers to crash the server and to
execute arbitrary code.

DETAILS

Denial of service attack:
The Sambar Telnet Proxy allows attackers to connect to the localhost.
Continuously connecting to the localhost causes the server to stop
responding after about 40 such connections.

Buffer overflow in telnet proxy/server:
Sending a host name of more than 1100 characters causes the server to
overflow one of its internal buffers, which crashes it and allows
execution of arbitrary code.
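
The two checks whose absence the DoS and buffer overflow items above describe, as an added example (not Sambar's code and not part of the original advisory): bound the client-supplied host name before copying it into a fixed buffer, and refuse proxy targets that resolve to loopback. The names, the 255-byte cap and the IPv4-only loopback test are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HOST_MAX 255   /* assumed cap: longest host name DNS permits */

enum status { T_OK, T_BAD_LENGTH, T_BAD_CHAR, T_LOOPBACK };

/* Bound and vet the client-supplied name before it reaches a fixed buffer. */
enum status copy_host(const char *in, size_t len, char out[HOST_MAX + 1])
{
    if (len == 0 || len > HOST_MAX)
        return T_BAD_LENGTH;              /* covers the >1100-character case */
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)in[i];
        if (!isalnum(c) && c != '.' && c != '-')
            return T_BAD_CHAR;
    }
    memcpy(out, in, len);
    out[len] = '\0';
    return T_OK;
}

/* Test the resolved IPv4 address (host byte order) rather than the name,
   so every alias of localhost is refused, not just the literal string. */
enum status check_resolved(uint32_t addr)
{
    return (addr >> 24) == 127 ? T_LOOPBACK : T_OK;   /* 127.0.0.0/8 */
}

/* Constructed input: a host name made of n 'a' characters. */
enum status try_length(size_t n)
{
    static char in[4096];
    char out[HOST_MAX + 1];
    if (n > sizeof in)
        n = sizeof in;
    memset(in, 'a', n);
    return copy_host(in, n, out);
}

int main(void)
{
    printf("1200-char name: %d\n", (int)try_length(1200));            /* 1 */
    printf("127.0.0.1:      %d\n", (int)check_resolved(0x7F000001u)); /* 3 */
    printf("192.0.2.10:     %d\n", (int)check_resolved(0xC000020Au)); /* 0 */
    return 0;
}
```

A per-client connection limit on the proxy would additionally bound the roughly 40-connection exhaustion described above.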

ADDITIONAL INFORMATION

The information has been provided by kyprizel <kyprizel@mail.kz>.

